User:Skippy/ACL Branch

From Habari Project

The ACL branch is intended to be the test bed in which a robust permissions system can be developed.

Please read the Permissions and Classes/ACL pages to get an understanding of how the permission system is intended to work.

Currently, most work on this branch has been focused on defining a reasonable set of default usergroups, and assigning sane defaults to these.

The currently defined groups are:

anonymous

member

author

editor

administrator

The default permissions are:

anonymous
  - View entries
  - View pages

member
  - Log in
  - View entries
  - View pages

author
  - Access the dashboard
  - Create entries
  - Create pages
  - Edit entries
  - Edit pages
  - Manage unapproved comments
  - Manage approved comments
  - Manage spam comments

editor
  - Edit all entries
  - Edit all pages
  - Manage all unapproved comments
  - Manage all approved comments
  - Manage all spam comments

admin
  - Change system options
  - Activate and deactivate plugins
  - Activate themes
  - Manage user accounts
  - Create new user accounts
  - Delete user accounts
  - Manage user groups
  - View system log messages
  - Manage tags

Default usergroups and permissions are assigned in the installhandler, during the installation process. The installer makes the first user a member of the "user", "author", "editor" and "administrator" groups.

The bulk of the permission checks occur in the adminhandler class, though it is far from complete. The main menu shows a user only those items to which they have permission. Some checks are also made inside the various form processing methods in adminhandler.

Additional logic needs to be added so that the various object classes are ACL-aware, such that Posts::get() does not return items to which the user does not have permission.